Add a section documenting how to deploy code-server without Coder.

bfe4ac18 · Théo Zimmermann · 06abb3db · bfe4ac18
Unverified Commit bfe4ac18 authored 3 months ago by Théo Zimmermann
--- a/README.md
+++ b/README.md
@@ -346,4 +346,93 @@ Check that no load balancers or volumes are left:
 ```bash
 openstack loadbalancer list
 openstack volume list
-```
\ No newline at end of file
+```
+
+## Deploying code-server to VMs without Coder or Kubernetes
+
+When using Coder to provide a unique predefined workspace for students enrolled in a course, the flexibility brought by the Coder infrastructure and Kubernetes auto-scaling may be overkill. A possible alternative is to deploy code-server directly on VMs, without Coder or Kubernetes.
+
+### Create the VMs and deploy code-server
+
+The following script creates 10 VMs, deploys code-server on each of them, and generates a random password for each instance. The script assumes that the inf110 network already exists and that it contains the reverse proxy VM and the insecure Docker registry VM, as will be the case if the previous steps were followed.
+
+```bash
+for i in {1..10}; do
+    openstack server create \
+        --flavor m2.light \
+        --image ubuntu-noble-21-08-2024 \
+        --network inf110 \
+        --security-group default \
+        --security-group ssh_icmp \
+        --security-group HTTP_HTTPS \
+        --availability-zone nova \
+        --key-name $KEYPAIR \
+        -f json \
+        inf110-code-server-$i >> /tmp/inf110-code-server-vm-ids
+done
+for i in {1..10}; do
+    # Get the private IP of the VM
+    openstack server show $(jq -r .id /tmp/inf110-code-server-vm-ids | sed -n ${i}p) -f json | jq -r .addresses | cut -d'=' -f2 | cut -d',' -f1 >> /tmp/inf110-code-server-vm-ips
+done
+for i in {1..10}; do
+    # Generate a random password
+    PASSWORD=$(pwgen -s 8 1)
+    echo $PASSWORD >> /tmp/inf110-code-server-vm-passwords
+    # SSH to the VM
+    ssh -J ubuntu@137.194.210.143 ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p) << EOF
+sudo apt update
+sudo apt-get install -y docker.io
+sudo tee /etc/docker/daemon.json << 'EOF2'
+{
+    "insecure-registries" : [ "10.0.0.99:5000" ]
+}
+EOF2
+sudo systemctl reload docker
+mkdir -p .config/code-server
+tee .config/code-server/config.yaml << 'EOF2'
+bind-addr: 0.0.0.0:8080
+auth: password
+password: $PASSWORD
+cert: false
+EOF2
+mkdir -p tp/.vscode
+sudo docker run -d --name code-server -p 80:8080 -v $(pwd)/tp:/home/coder/tp -v $(pwd)/.config/code-server:/home/coder/.config/code-server --restart unless-stopped 10.0.0.99:5000/inf110-workspace:latest /usr/bin/code-server
+EOF
+done
+```
+
+### Deploy the workspace contents
+
+```bash
+for file in inf110-workspace-contents/README.md inf110-workspace-contents/_CoqProject inf110-workspace-contents/tp1.ipynb inf110-workspace-contents/tp1-mysterious-tm.png inf110-workspace-contents/tp*.mv; do
+    for i in {1..10}; do
+        scp -J ubuntu@137.194.210.143 $file ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p):tp
+    done
+done
+for i in {1..10}; do
+    scp -J ubuntu@137.194.210.143 inf110-workspace-contents/settings.json ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p):tp/.vscode
+done
+```
+
+### Reverse proxy configuration
+
+The reverse proxy configuration redirects different endpoints to the different code-server instances. The private IP of a VM determines the endpoint.
+
+```nginx
+        location ~ ^/code-server-(\d+) {
+                # Capture the server number
+                set $server_number $1;
+
+                # Rewrite the URL to strip the /code-server-{NUMBER}/ part
+                rewrite ^/code-server-\d+/(.*)$ /$1 break;
+
+                # Dynamically construct the proxy_pass target
+                proxy_pass http://10.0.0.$server_number;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_set_header Host $host;
+        }
+```
+
+Each code-server instance is accessible at `https://tp-inf110.r2.enst.fr/code-server-{NUMBER}/?folder=/home/coder/tp`, with a specific password generated during the VM creation, and stored in `/tmp/inf110-code-server-vm-passwords`.